Fortinet black logo

CLI Reference

config security waf action

config security waf action

Use this command to configure web application firewall (WAF) actions. A WAF action is referenced by the WAF policies to define which action will be taken when policies detect attacks.

In many cases, you can use predefined profiles to get started.

Predefined actions

Description

alert

WAF policies will allow the traffic to pass and log the event.

block

WAF policies will drop the current attack session by HTTP 403 message and block the attacker (according the attacker’s IP address) for 1 hour, and log the event.

captcha

WAF policies will allow the traffic to pass if the client successfully fulfills the CAPTCHA request, and log the event.

deny

WAF policies will the drop current attack session by HTTP 403 message, and log the event.

silent-deny

WAF policies will drop the current attack session by HTTP 403 message, without logging the event.

The configurations for these actions are shown in the examples that follow. If desired, you can create user-defined actions.

Before you begin:
  • Usually, predefined actions are enough for normal usage, and most predefined WAF policies reference the predefined actions. After you define your own action, you must specify it in your WAF policies for it to take effect.
  • You must have read-write permission for security settings.

Syntax

config security waf action

edit <name>

set type {deny|pass|period-block|redirect|captcha}

set log {enable|disable}

set deny-code {200|202|204|205|400|403|404|405|406|408|410|500|501|502|503|504}

set block-period <integer>

set redirect-url <string>

set comment <string>

next

end

type

Specify action type from the following:

  • deny — Blocks the request. This will drop the current session by a HTTP error message.
  • pass — Allows the request. The current session will be allowed to continue.
  • period-block — Denies all HTTP requests from a source IP within a period which is specified in the block-period. This will drop the current session by a HTTP error message and block the client for a period.
  • redirect — Sends a redirect. This will drop the current session by a HTTP 302 redirect message and allow the client to redirect to another URL.
  • captcha — Requires the client to successfully fulfill the CAPTCHA request. The current session will be allowed to continue after the client successfully fulfills the CAPTCHA request.

log

Enable/disable to log the event.

deny-code

The deny-code option is available if the type is deny or period-block.

Specify HTTP error message code when the action drops the current session. Default: 403.

200, 202, 204, 205, 400, 403, 404, 405, 406, 408, 410, 500, 501, 502, 503, 504

block-period

The block-period option is available if the type is period-block.

Specify a time period when action blocks the client. Default: 60 seconds, Range: 1- 3600 seconds.

redirect-url

The redirect-url option is available if the type is redirect.

Specify a URL when the action performs a HTTP redirect.

Example

FortiADC-docs # get security waf action

== [ alert ]

== [ deny ]

== [ block ]

== [ silent-deny ]

FortiADC-docs # get security waf action alert

type : pass

log : enable

comment :

FortiADC-docs # get security waf action deny

type : deny

log : enable

deny-code : 403

comment :

FortiADC-docs # get security waf action block

type : period-block

log : enable

deny-code : 403

block-period : 3600

comment :

FortiADC-docs # get security waf action silent-deny

type : deny

log : disable

deny-code : 403

comment :

FortiADC-docs # config security waf action

FortiADC-docs (action) # edit eval

FortiADC-docs (eval) # get

type : deny

log : enable

deny-code : 403

comment : comments

FortiADC-docs (eval) # set type period-block

FortiADC-docs (eval) # set deny-code 200

FortiADC-docs (eval) # set block-period 30

FortiADC-docs (eval) # set log disable

FortiADC-docs (eval) # end

config security waf action

Use this command to configure web application firewall (WAF) actions. A WAF action is referenced by the WAF policies to define which action will be taken when policies detect attacks.

In many cases, you can use predefined profiles to get started.

Predefined actions

Description

alert

WAF policies will allow the traffic to pass and log the event.

block

WAF policies will drop the current attack session by HTTP 403 message and block the attacker (according the attacker’s IP address) for 1 hour, and log the event.

captcha

WAF policies will allow the traffic to pass if the client successfully fulfills the CAPTCHA request, and log the event.

deny

WAF policies will the drop current attack session by HTTP 403 message, and log the event.

silent-deny

WAF policies will drop the current attack session by HTTP 403 message, without logging the event.

The configurations for these actions are shown in the examples that follow. If desired, you can create user-defined actions.

Before you begin:
  • Usually, predefined actions are enough for normal usage, and most predefined WAF policies reference the predefined actions. After you define your own action, you must specify it in your WAF policies for it to take effect.
  • You must have read-write permission for security settings.

Syntax

config security waf action

edit <name>

set type {deny|pass|period-block|redirect|captcha}

set log {enable|disable}

set deny-code {200|202|204|205|400|403|404|405|406|408|410|500|501|502|503|504}

set block-period <integer>

set redirect-url <string>

set comment <string>

next

end

type

Specify action type from the following:

  • deny — Blocks the request. This will drop the current session by a HTTP error message.
  • pass — Allows the request. The current session will be allowed to continue.
  • period-block — Denies all HTTP requests from a source IP within a period which is specified in the block-period. This will drop the current session by a HTTP error message and block the client for a period.
  • redirect — Sends a redirect. This will drop the current session by a HTTP 302 redirect message and allow the client to redirect to another URL.
  • captcha — Requires the client to successfully fulfill the CAPTCHA request. The current session will be allowed to continue after the client successfully fulfills the CAPTCHA request.

log

Enable/disable to log the event.

deny-code

The deny-code option is available if the type is deny or period-block.

Specify HTTP error message code when the action drops the current session. Default: 403.

200, 202, 204, 205, 400, 403, 404, 405, 406, 408, 410, 500, 501, 502, 503, 504

block-period

The block-period option is available if the type is period-block.

Specify a time period when action blocks the client. Default: 60 seconds, Range: 1- 3600 seconds.

redirect-url

The redirect-url option is available if the type is redirect.

Specify a URL when the action performs a HTTP redirect.

Example

FortiADC-docs # get security waf action

== [ alert ]

== [ deny ]

== [ block ]

== [ silent-deny ]

FortiADC-docs # get security waf action alert

type : pass

log : enable

comment :

FortiADC-docs # get security waf action deny

type : deny

log : enable

deny-code : 403

comment :

FortiADC-docs # get security waf action block

type : period-block

log : enable

deny-code : 403

block-period : 3600

comment :

FortiADC-docs # get security waf action silent-deny

type : deny

log : disable

deny-code : 403

comment :

FortiADC-docs # config security waf action

FortiADC-docs (action) # edit eval

FortiADC-docs (eval) # get

type : deny

log : enable

deny-code : 403

comment : comments

FortiADC-docs (eval) # set type period-block

FortiADC-docs (eval) # set deny-code 200

FortiADC-docs (eval) # set block-period 30

FortiADC-docs (eval) # set log disable

FortiADC-docs (eval) # end